Microsoft has detailed a new security feature for Windows 11 called Smart App Control, a major enhancement that is designed to prevent users from running malicious applications on Windows devices by blocking untrusted and unsigned applications by default. Sounds neat, right? Absolutely, but there’s a major caveat—users who want to enable the feature will probably have to wipe their systems and start fresh. As explained by David Weston, Vice President of Enterprise and OS Security for Microsoft, users who are running an older version of Windows 11 (e.g., pretty much everyone) will need to reset and reinstall the OS before they can enable the new security feature. This should be an interesting test to see which Windows users truly value security.
“Smart App Control will ship on new devices with Windows 11 installed,” Weston clarified. “Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.”
New security features for Windows 11 will help protect hybrid work (Microsoft)
Smart App Control goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud.
Model inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals. When a new application is run on Windows 11, its core signing and core features are checked against this model, ensuring only known safe applications are allowed to run. This means Windows 11 users can be confident they  are using only safe and reliable applications on their  new  Windows devices.